1. Home
  2. Training Library
  3. Amazon Web Services
  4. Courses
  5. Understanding S3 encryption mechanisms to secure your data

Introduction

The course is part of these learning paths

Solutions Architect – Professional Certification Preparation for AWS
course-steps 47 certification 6 lab-steps 19 quiz-steps 4 description 2
SysOps Administrator – Associate Certification Preparation for AWS
course-steps 35 certification 5 lab-steps 30 quiz-steps 4 description 5
Certified Developer – Associate Certification Preparation for AWS
course-steps 29 certification 5 lab-steps 22 description 2
Security - Specialty Certification Preparation for AWS
course-steps 22 certification 2 lab-steps 12 quiz-steps 5
AWS Access & Key Management Security
course-steps 6 certification 2 lab-steps 2 quiz-steps 2
more_horiz See 2 more
play-arrow
Introduction
Overview
Transcript
DifficultyAdvanced
Duration12m
Students1529
Ratings
4.9/5
star star star star star-half

Description

Course Description

We have all seen in the media numerous occurrences whereby large international organizations have had their data exposed and leaked that had been stored on S3.  Any sensitive data stored in the cloud MUST be encrypted, and when storing your data on S3 there are multiple different options that you can choose from to enable you to protect your data with encryption.  To help you understand these mechanisms, this course will guide you through the process of how each of them works, not just from an encryption perspective but also at a decryption level.  This will allow you to make the right choice when it comes to selecting the most appropriate method of encryption to align with your own internal security strategy.

Applying encryption is a simple task and it can protect you and your customers from data exposure should a malicious user gain access to your S3 buckets.

Learning Objectives

By the end of this course series you will be able to explain the encryption and decryption process for:

  • Server-Side Encryption with S3 Managed Keys (SSE-S3)
  • Server-Side Encryption with KMS Managed Keys (SSE-KMS)
  • Server-Side Encryption with Customer Provided Keys (SSE-C)
  • Client-Side Encryption with KMS Managed Keys (CSE-KMS)
  • Client-Side Encryption with Customer Provided Keys (CSE-C)

Intended Audience

This course is intended for those who have a responsibility of storing, managing and protecting data that is stored on Amazon S3.  

Prerequisites

This is an advanced level course and so it is essential that you have an understanding of S3 and that you have the knowledge to enable you to upload and retrieve data along with how to select different encryption options.

In addition to this, you must also be familiar with the KMS service and understand both CMKs and Data encryption keys.  

This course includes

7 lectures

Feedback

If you have thoughts or suggestions for this course, please contact Cloud Academy at support@cloudacademy.com.

About the Author

Students58527
Labs1
Courses55
Learning paths39

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data centre and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 50+ courses relating to Cloud, most within the AWS category with a heavy focus on security and compliance

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.

Resources Referenced

AWS Big Data: Security

How to use KMS Key encryption to protect your data

Transcript

Hello and welcome to this course focused on the five different S3 encryption mechanisms covering SSE-S3, SSE-KMS, SSE-C, CSE-KMS, and CSE-C, and I'll explain how both the encryption and decryption process works for each option.

Before we start, I would like to introduce myself. My name is Stuart Scott. I'm one of the trainers here at Cloud Academy specializing in AWS, Amazon Web Services. Feel free to connect with me with any questions using the details shown on the screen. Alternatively, you can always get in touch with us here at Cloud Academy by sending an email to support@cloudacademy.com where one of our cloud experts will reply to your question. 

This course is specifically designed for those who are responsible for storing, managing, and protecting data that is stored on Amazon S3. 

The content of this course will focus on the following lectures:

  • Overview of encryption mechanisms
  • Server-Side Encryption with S3 Managed Keys
  • Server-Side Encryption with KMS Managed Keys
  • Server-Side Encryption with Customer Provided Keys
  • Client-Side Encryption with KMS Managed Keys
  • Client-Side Encryption with Customer Provided Key

Each lecture within this course has been specifically designed to be short, focused, and to the point delivering a single objective from each lecture. 

This course does not focus on recommendations of when to encrypt data or discuss the pros and cons for each encryption method. Instead, the single objective of this course is to enable you to understand the process for encryption and decryption for all S3 encryption options, providing you a full understanding of how S3 is protecting and securing your data when an encryption option is needed based on your business requirements. 

For this course, it is essential that you have an understanding of S3 and have the knowledge to enable you to upload and retrieve data along with how to select different encryption options. In addition to this, you must also be familiar with the KMS service and understand both Customer Master Keys, CMKs, and data encryption keys. For additional information on these points, please search our content library for these existing courses as shown on the screen. 

Feedback on our courses here at Cloud Academy are valuable to both us as trainers and any students looking to take the same course in the future. If you have any feedback, positive or negative, it would be greatly appreciated if you can contact support@cloudacademy.com. 

That brings me to the end of this lecture. Coming up next, I'll provide an overview of the five different encryption mechanisms.